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DETAILED ACTION 

1 . Claims 1 -44 are examined. 

Claim Objections 

2. Claim 4 is objected to because there seems to be an error in the claim language. 
Signing the message with a private key would generate a signature, thus it is awkward 
or redundant to state "signing with a key with a digital signature". Appropriate correction 
is required. 

3. Claim 5 is objected to because it claims dependence on claim 3, however the 
claim language reads on aspects of claim 4. The Examiner will assume that claim 5 is 
meant to depend on claim 4. Claims 17 and 29 have similar issues. 

4. Claims 8-10 are objected to because they depend on claim 5, however, essential 
elements discussed in the claim are introduced in claim 6. The Examiner will assume 
the Applicant desired claims 8-10 to depend upon claim 6. Claims 20-22 and 32-34 
have similar issues. 

Claim Rejections - 35 USC § 112 

The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

5. Claim 1 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
forfaiting to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. The preamble states a "method of integrating a device into a 
secure network" however, there is no evidence in the claim language of the device 
being integrated into a secure network. It is also unclear which entity is performing the 
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hashing step disclosed in line 7. There also seems to be missing steps in the method 
such as which entity is doing the comparing of the hashes and how the hashes are 
being sent in the network to enable a comparing step. The Examiner also points out 
that the claim language infers that the first and second secret are distinct items, and 
thus it is confusing how a hash of two distinct strings of data would result in a positive 
match. By definition, a hash function would not generate the same hash with different 
inputs. Claims 13,25 and 37 have similar issues. 

6. Claim 2 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. The examiner notes the statement above concerning a 
positive match of hashes, and concludes that a hash of a second secret with a second 
(distinct) random number would not result in a positive match of a hash of a first secret 
and a first random number. It is unclear to the Examiner how there may be a positive 
match with separate and distinct inputs to the hash function, especially considering the 
use of distinct random numbers. Claims 14 and 26 have similar issues. 

7. Claim 37 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. Line 14 reads to "send a hash of the second secret to the 
device...". The Examiner believes the Applicant meant for this to read "hash of the first 
secret"; if this is false assumption, then the Examiner is unsure how the authenticator 
generates a hash based on a second secret. 
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Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

8. Claims 1-5,1 1-17,23-29, 35-44 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Palekar et al. (US PgPub 2003/0226017) and further in view of 
Peyravian (US PgPub 2004/0158715). 

9. As per claim 1 , Palekar discloses a method of integrating a device into a secure 
network, comprising: 

establishing a tunnel between an authenticator and a device, the tunnel using a 
tunnel protocol ([0008]), the authenticator having a first public key, the device having a 
second secret and a second public key ([0048]); and 

establishing an authenticated session between the device and the authenticator 
when the hash of the first secret matches a hash of the second secret ([0044] lines 17- 
25), however, Palekar doesn't specifically disclose the authentication step of hashing a 
first secret using the first public key and the second public key to produce a hash of the 
first secret. Alternatively, Palekar discusses several authentication mechanisms, one in 
which a user is authenticated based on a random number generated in the tunnel and a 
shared secret between the authenticator and the device, wherein a hash of the secret 
and the random number are compared for authentication. 
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The Examiner argues that there are many ways practiced in the art for 
generating a hash value, and it is common to use multiple keys, random numbers, 
passwords or other shared data. The Examiner believes that it would have been 
obvious to generate a hash using a first and second public key and a random number 
and asserts this to be a design choice. Just as it is performed in the art to encrypt a 
value with multiple keys, it would be obvious to hash a value with multiple keys. 
Motivation to do so would be a believed sense of greater security by requiring a user to 
obtain multiple secrets to properly decrypt the value or generate the hash. Moreover, 
the Examiner asserts that the prior art differs very little functionally only in that it 
requires the authenticator and device to maintain a shared secret, as opposed to 2 
shared secrets (both public keys). Thus the Examiner asserts that it would have been 
obvious to one of ordinary skill in the art to modify Palekar to include wherein the hash 
on a secret value is performed with multiple public keys. 

Nevertheless, Peyravian discloses a method of authentication between a user 
and a server wherein two hashes generated using a first public key, a second public key 
and a random number are compared to authenticate the user/server (see [001 1] and 
[0012]). 

Peyravian is analogous art because it is directed to a method of authenticating a 
user by comparing a generated hash value. It would have been obvious to one of 
ordinary skill in the art at the time of the invention to modify Palekar to include the 
authentication method described in Peyravian. Motivation for modifying Palekar as 
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discussed above would have been to provide a secure method of authenticating public 
keys as discussed in Peyravian (see background). 

10. As per claim 2, Palekar in view Peyravian , discusses the method of claim 1 , 
further comprising: 

hashing the second secret at the device to produce the hash of the second 
secret using the first public key, the second public key and a second random number 
generated from the tunnel protocol (Peyravian [0012]). 

11. As per claim 3, Palekar discloses the method of claim 1 , but does not disclose 
wherein the authenticator has a first private key, the method further comprising: 
encrypting the hash of the first secret using the second public key; and placing the 
encrypted hash into a message. However, the Examiner takes official notice that it is a 
well-known and commonly practiced feature in the art to encrypt a hash using a users 
public key. The technique as is well understood in the art is commonly used to transmit 
a message to a specific user, so that only the user with the corresponding private key 
could decrypt this message. 

12. As per claim 4, Palekar in view of above discloses the method of claim 3, but 
does not disclose the method further comprising signing the message with the first 
private key with a digital signature. Similar to discussion above, the Examiner takes 
official notice that it is a very well known and commonly practiced feature in the art to 
sign a message directed to a specific user with a private key of the sender. Motivation 
for this in the art is so that the recipient can reasonably authenticate the message 
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sender with the assumption that the private key has not been compromised, as would 
have been readily apparent to one of ordinary skill in the art. 

13. As per claim 5, Palekar in view of the discussion above discloses the method of 
claim 4, wherein the device comprises a second private key; and further comprising: 
checking the digital signature using a first public key; and decrypting the message using 
the second private key. In view of the above claims 3 and 4, this is a necessary step for 
recovering the sent message, as is well known in the art. 

14. As per claim 1 1 , Palekar discloses the method of claim 1 , wherein the 
authenticator comprises a first credential list and the device comprises a second 
credential list, the method further comprising: determining if the public key from the 
device is on the first credential list; and determining if a public key from the device is in 
the second credential list [0051]. The Examiner notes that Palekar doesn't explicitly 
state the use of a credential list, however, the Examiner believes that this is an inherent 
aspect of the invention, since the server and the device are required to maintain the 
cryptographic keys authenticated in the session. 

15. As per claim 12, Palekar discloses the method of claim 1, wherein the 
authenticator comprises a first credential list and the device comprises a second 
credential list, the method further comprising: placing the first public key in the second 
credential list; and placing the second public key in the first credential list [0051]. In 
view of the above arguments wherein the credentials lists are inherently implied, the 
step of storing the keys in their respective credential list is also a necessarily implied 
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step. The examiner argues that upon agreement/authentication of the keys, the keys 
are stored at both the server and the device for subsequent use. 

16. Claims 13-17 and 25-29 are rejected because they are directed to substantially 
similar subject matter as claims 1-5 respectively. 

17. Claims 23-24,35-36 are rejected because they disclose substantially similar 
subject matter to claims 11-12 respectively. 

18. Claim 37 is rejected because it discloses substantially similar subject matter to 
claim 1. 

19. Claims 38-39 are rejected because it discloses substantially similar subject 
matter to claim 3-4. 

20. Claim 40 is rejected because it discloses substantially similar subject matter to 
claims 1 and 2. 

21 . As per claim 41 , Palekar discloses the product of claim 40, wherein the product is 
a cellular phone ([0031] handheld wireless device) . 

22. As per claim 42, Palekar discloses the product of claim 40, wherein the product is 
a personal digital assistant [0031]. 

23. As per claim 43, Palekar discloses the product of claim 40, wherein the product is 
a computer system [0031]. 

24. As per claim 44, Palekar discloses the product of claim 40, wherein the product is 
a wireless camera ([0031] programmable consumer electronic). 
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25. Claims 6-10, 18-22 and 30-34 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Palekar (US PgPub 20030226017) in view of Peyravian (US PgPub 
2004/0158715) and further in view of Slick (US PgPub 20030105963). 

26. As per claim 6, Palekar/Peyravian disclose the method of claim 1 , but does not 
disclose the method further comprising: determining if a hash value of the second public 
key matches a displayed hash value observed at the device; and determining if the first 
secret matches a displayed secret observed at the device; wherein the second secret is 
the displayed secret after entry into a network console connected to the authenticator. 

Slick discloses a method of determining if a key value received by a computing 
device in a communication session can be authenticated against a value received from 
a physical display of the sending device (see [0018]). Slick discloses that the displayed 
value is a hash value of a public key, but does not explicitly disclose the step of 
determining if a first secret matches a displayed secret observed at the device; wherein 
the second secret is the displayed secret after entry into a network console connected 
to the authenticator. It would have been obvious to one of ordinary skill in the art to 
modify Palekar/Peyravian to include an authentication method wherein a value 
displayed at a device is compared against a computed hash value at an authentication 
device. Motivation for modifying Palekar/Peyravian as discussed above would have 
been to enable a user to authenticate a device key at the device without the need for an 
external digital certificate or CA as discussed in Slick paragraph [0020]. The Examiner 
argues that based on the disclosure of Slick, it would have been obvious to include a 
second secret data to be compared by the computing device. Slick discloses the 
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functionality of ensuring that the received data is actually supplied by the proposed 
sender, thus the Examiner argues that it seems to be a design choice to include a 
subsequent value for comparison. Motivation provided for the perceived design choice 
may be a sense of added security in that two values must be compared as opposed to a 
single value, which would have been an obvious modification to one of ordinary skill in 
the art at the time of the invention. 

27. As per claim 7, Slick discloses the method of claim 6, wherein the device 
includes a label having the displayed hash value and the displayed secret [0019]. Slick 
enables a user to receive a key value at the printer in the form of a printed test page. 
While the Examiner agrees that this is not a label, nothing in the functionality of Slick 
precludes the use of a label attached to the printer. Both methods require the 
authenticator to be present at the device to perceive the hash. Thus the Examiner 
believes it is a design choice to include wherein the hash is displayed on a label as 
opposed to output on a physical page (a primary function of a printer). Motivation for 
including a hash on a label would be to enable devices with alternate display means to 
display the hash value as would have been readily apparent and obvious to one of 
ordinary skill in the art at the time of the invention. 

28. As per claim 8, Slick discloses the method of claim 6, wherein determining if the 
hash value of the second public key matches comprises: reading the displayed hash 
value; and verifying the displayed hash value at a network console [0019-0020]. 

29. As per claim 9, discloses the method of claim 6, wherein determining if secret 
matches comprises: reading the displayed secret; and entering the displayed secret at a 
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network console ([0019]-[0020] wherein in view of the arguments pertaining to Slick in 
the rejection of claim 6, the Examiner argues this would be a necessary enhancement). 

30. As per claim 10, Slick discloses the method of claim 6, wherein the device 
comprises a display and an application, the application rendering the displayed hash 
value and the displayed secret on the display [001 9]-[0020]. 

31 . Claims 1 8-22,30-34 are rejected because they disclose substantially similar 
subject matter to claims 6-10 respectively. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. Ellison et al. (US PgPub 2004/0025017) and Brickell (US PgPub 
2003/0233550). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brandon S. Bludau whose telephone number is 571- 
272-3722. The examiner can normally be reached on Monday -Friday 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 




Brandon S Bludau 

Examiner 
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